Siemens Issues Alert, DoS Vulnerability

May 16, 2018 / Kacy Zurkus

Siemens, an industrial security provider, has issued a security advisory for a newly discovered vulnerability (CVE-2018-4850) that could lead to a denial-of-service (DoS) condition. The affected SIMATIC S7-400 CPUs improperly validate S7 communication packets, which could cause a DoS condition on a CPU. "The CPU will remain in DEFECT mode until manual restart," Siemens wrote. An attacker needs only to be able to send the packets to a communication interface of the CPU, for example via Ethernet or Process Field Bus (PROFIBUS). No user interaction is needed to exploit the vulnerability. As of the security advisory's publication on 15 May, no public exploitation was known. The vulnerability, with a CVSS v3.0 base score of 7.5, affects the SIMATIC S7-400 CPU hardware v.4.0 and below, which are being phased out. The products in this family, which are used worldwide, have been designed for process control in industrial environments across the automotive industry and in me...